bryancall opened a new pull request, #13030: URL: https://github.com/apache/trafficserver/pull/13030
## Summary

Fix three high-impact Coverity Scan defects (memory safety issues):

- **CID 1644226** (Use-after-free, High): `plugins/slice/slice.cc` - `should_skip_this_obj()` used `urlstr` in `DEBUG_LOG` after calling `TSfree()`. Moved `TSfree()` to after the last use of `urlstr`.
- **CID 1644298** (Out-of-bounds write, High): `src/proxy/IPAllow.cc` - When more than `MAX_SUBJECTS` (3) ACL subjects are configured, the parsing loop continued writing past the `subjects[]` array bounds. Added `break` after the error message.
- **CID 1644219** (Buffer not null-terminated, High): `plugins/slice/server.cc` - `handleNextServerHeader()` used `strncpy()` to copy etag and last-modified values without ensuring null termination. Replaced with `memcpy()` + explicit null terminator, and clamped lengths to buffer size to prevent overflow.

## Test plan

- [ ] CI passes
- [ ] Verify slice plugin still works correctly with range requests
- [ ] Verify IPAllow with > 3 configured subjects logs error and doesn't crash
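The clamp, `memcpy()` and explicit terminator pattern described for CID 1644219, shown next to the `strncpy()` behaviour it replaces. This is an added example, not code from the pull request or from Traffic Server; `ETAG_BUF_LEN`, `copy_value_bounded()` and `strncpy_leaves_unterminated()` are hypothetical names, and it assumes the header value arrives as a pointer plus length that is not NUL-terminated.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size; the real sizes in plugins/slice are not shown on the page. */
#define ETAG_BUF_LEN 16

/* Copy a length-delimited value into a fixed buffer.
 * The length is clamped to dstsize - 1 and the result is always terminated.
 * Returns the number of value bytes copied (truncation if < srclen). */
static size_t copy_value_bounded(char *dst, size_t dstsize, const char *src, size_t srclen)
{
    if (dstsize == 0) {
        return 0; /* no room even for the terminator */
    }
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    if (n > 0) {
        memcpy(dst, src, n);
    }
    dst[n] = '\0';
    return n;
}

/* The defect class: strncpy() writes a terminator only if it meets one in the
 * source within the byte count it was given. Returns 1 when the destination
 * ends up with no NUL anywhere inside it. */
static int strncpy_leaves_unterminated(const char *src, size_t srclen)
{
    char buf[ETAG_BUF_LEN];
    memset(buf, 'X', sizeof(buf)); /* stale, non-zero contents from an earlier use */
    size_t n = srclen < sizeof(buf) ? srclen : sizeof(buf);
    strncpy(buf, src, n);
    return memchr(buf, '\0', sizeof(buf)) == NULL;
}

int main(void)
{
    const char *value = "\"0123456789abcdef0123456789\""; /* constructed sample etag */
    char etag[ETAG_BUF_LEN];
    size_t n = copy_value_bounded(etag, sizeof(etag), value, strlen(value));
    printf("bounded copy: %zu bytes, \"%s\"\n", n, etag);
    printf("strncpy left buffer unterminated: %d\n",
           strncpy_leaves_unterminated(value, strlen(value)));
    return 0;
}
```

A return value smaller than `srclen` signals truncation, which a caller comparing etags may need to treat as a mismatch rather than compare the shortened string.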
